Bulletproof hosting services like ZServers are often exploited for illegal activities, including hosting malware and phishing sites, making them a key player in the cybercriminal ecosystem.

The individuals sanctioned alongside ZServers include Aleksandr Bolshakov, the alleged owner, and four others: Aleksandr Mishin, Ilya Sidorov, Dimitriy Bolshakov, and Igor Odintsov.

This latest action follows previous law enforcement efforts, which included the arrests of four individuals associated with LockBit in October 2024 and the arrest of one of its lead developers in Israel in August 2024.

Bradley T. Smith from the Treasury Department highlighted the necessity of disrupting the criminal ecosystem that supports ransomware attacks on critical infrastructure.

On February 11, 2025, the United States, Australia, and the United Kingdom announced sanctions against ZServers and five individuals linked to the notorious LockBit ransomware group.

The sanctions specifically target ZServers, a Russian bulletproof hosting service, for its alleged involvement in facilitating cyber crimes.

These sanctions prohibit businesses and individuals in the US, UK, and Australia from engaging in transactions with ZServers or its employees, while also freezing any assets the company may hold in these jurisdictions.

ZServers has been accused of providing essential infrastructure for LockBit, which is recognized as a significant ransomware-as-a-service operation that has disrupted various sectors by demanding ransom for data decryption.

Evidence gathered over several years indicates that ZServers leased IP addresses that were utilized by LockBit to coordinate attacks and manage their ransomware operations.

While some experts argue that sanctions can hinder operations by increasing costs and complicating financial transactions, others believe that ransomware groups like LockBit are highly adaptable and can find alternative infrastructure.

Despite mixed opinions on their effectiveness, sanctions remain a critical tool in the ongoing battle against cybercrime.

As ransomware tactics continue to evolve, organizations must enhance their incident management strategies to effectively combat these persistent threats.